MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83
SHA3-384 hash:	5ec0cb001de066d8f32b142cb4b616b26aeb0add2c354bebcb581e7f277cee12fbf95fdc71db5a4730e4da4cfc586bbe
SHA1 hash:	aa42b7617df39ab7646c1fc5b65fd403139e73a1
MD5 hash:	cde87869c5e5473b55185b74879536db
humanhash:	burger-march-neptune-eight
File name:	cde87869c5e5473b55185b74879536db.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	244'736 bytes
First seen:	2021-09-30 17:28:45 UTC
Last seen:	2021-09-30 19:11:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d31cc935cd1c6935cd48a10ef09a7414 (4 x RaccoonStealer, 3 x RedLineStealer, 2 x ArkeiStealer)
ssdeep	6144:yemjFeY5c6jsLsdwihb12pYnGvMIZT5AD6Tz:yhx/5c6LyYQMIZFAmT
Threatray	67 similar samples on MalwareBazaar
TLSH	T140349D10B7E0C030F2B712F649B693B9A42D7DB09B29D5CB53D95AEA46746E4EC30387
File icon (PE):
dhash icon	60e8c8e8aa66a499 (2 x RedLineStealer, 2 x ArkeiStealer, 1 x RaccoonStealer)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

189

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

cde87869c5e5473b55185b74879536db.exe

Verdict:

Suspicious activity

Analysis date:

2021-09-30 19:13:22 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b9aeeef3-c773-472e-8246-bc310f76e295

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/193764/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.27383.24494.10027.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4f09912e-540a-418a-b460-047c2d82667b

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.spyw.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/862149

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-09-30 17:29:09 UTC

AV detection:

20 of 45 (44.44%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0

5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d

70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb

9cc81654b9314f9f7ce9b46d16213eba06d00969aeff8b2bbb6f443c2ddfba79

b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189

b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541

ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852

e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c

edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565

f3caecffb11faf28d31a3f30e39511ab1dbbce621259b73172d94f9a75962d1c

+ 57 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei stealer

Link:

https://tria.ge/reports/210930-v2j9saachq/

Behaviour

Arkei Stealer Payload

Arkei

Unpacked files

SH256 hash:

4b33410c1350737eb7eb734fb597c32083ae1a60955a871fe914b5ccff23a91a

MD5 hash:

e4e7f7cb036464db3050cf0fe6e7aaec

SHA1 hash:

44d6b2bfa01b4f2f7b3ffbd522d267af35a9cb01

Link:

https://www.unpac.me/results/81088e78-2315-4ac6-93bb-0cfa703b7bc1/

SH256 hash:

dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83

MD5 hash:

cde87869c5e5473b55185b74879536db

SHA1 hash:

aa42b7617df39ab7646c1fc5b65fd403139e73a1

Link:

https://www.unpac.me/results/81088e78-2315-4ac6-93bb-0cfa703b7bc1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe dfd20316cdd7a0be12698b9c9a2e8cd79fe095683b3f09175a591fce8d08ef83

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1603785/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/193764/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample